fastify-best-practise
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains only instructional guidelines for code generation and review. No patterns of role-play injection, safety bypasses, or instructions to ignore previous constraints were found.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access (such as SSH keys or AWS configs), or unauthorized network operations was found. The guidelines actively promote security best practices, such as redacting sensitive fields (passwords, tokens, credit cards) from logs.
- [EXTERNAL_DOWNLOADS]: The skill references standard Node.js packages within the Fastify ecosystem (e.g., @fastify/jwt, @fastify/autoload, zod). These are well-known, trusted dependencies from the official npm registry and do not pose a security risk in this context.
- [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the download and execution of remote scripts or arbitrary code. All code snippets are provided as static documentation for educational purposes.
- [COMMAND_EXECUTION]: No dangerous shell command execution or unauthorized subprocess spawning patterns were identified. Usage of 'npm install' is restricted to standard package management in documentation.
- [CREDENTIALS_UNSAFE]: The code examples use non-sensitive placeholders like 'my-secret' or 'JWT_SECRET' for demonstration purposes and do not contain real secrets or private keys.
- [OBFUSCATION]: All content is in clear text. No Base64 encoding, zero-width characters, or homoglyph-based obfuscation techniques were detected.